nvd,anchore_overrides
Graphicsmagick
Vulnerabilities
121
Known exploited
0
Critical
18
High
41
Top products
Top vulnerabilities
CVE-2025-27796ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation, resulting in out-of-bounds access to heap memory in ReadBlob.
CVE-2020-10938GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.
CVE-2019-19951In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c.
CVE-2019-19950In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c.
CVE-2019-11005In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font family value.
CVE-2017-11643GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage() function in coders/cmyk.c when processing multiple frames that have non-identical widths.
CVE-2017-11641GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in magick/pixel_cache.c during writing of Magick Persistent Cache (MPC) files.
CVE-2017-11637GraphicsMagick 1.3.26 has a NULL pointer dereference in the WritePCLImage() function in coders/pcl.c during writes of monochrome images.
CVE-2017-11636GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() function in coders/rgb.c when processing multiple frames that have non-identical widths.
CVE-2017-11139GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c.
CVE-2016-7996Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries.
CVE-2016-7447Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors.
CVE-2016-7446Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317.
CVE-2016-5118The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
CVE-2007-0770Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. NOTE: this issue is due to an incomplete patch for CVE-2006-5456.
CVE-2025-32460GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call.
CVE-2019-19953In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c.
CVE-2019-11006In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet.
CVE-2019-11506In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to ExportRedQuantumType in magick/export.c.
CVE-2019-11505In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c.
CVE-2019-11008In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.
CVE-2018-6799The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 allows remote attackers to cause a denial of service (heap overwrite) or possibly have unspecified other impact via a crafted image file, because a pixel staging area is not used.
CVE-2017-17915In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached.
CVE-2017-17913In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to an incompatibility with libwebp versions, 0.5.0 and later, that use a different structure type.
CVE-2017-17912In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap data beyond the allocated region.